WP Custom Cursors by Web_Trendy <= 3.0.0 - Arbitrary Cursor Deletion via CSRF
LANACOMMONVDB ID: 96ff97f1-de1e-423d-a36d-15e2bb9d5c27
The plugin does not have Cross-Site Request Forgery (CSRF) check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a Cross-Site Request Forgery (CSRF) attack.